{
#define OPEP "lvleml.c:get_auth_digest_md5,"
-char *tmppass;
char *challenge;
RSPTYP *resp;
char answer[300];
+char hash[20];
int phase;
_Bool proceed;
-tmppass=(char *)0;
*rmtpass=strdup("$1(ukn as digest_md5)");
challenge=(char *)0;
resp=(RSPTYP *)0;
(void) memset(answer,'\000',sizeof(answer));
+(void) memset(hash,'\000',sizeof(hash));
phase=0;
proceed=true;
while (proceed==true) {
contact->authname=rou_freestr(contact->authname);
contact->authname=strdup(resp->username);
if (sql_mngusr(contact->sqlptr,sql_select,resp->username,&usr)==true) {
- if (usr->passwd!=(char *)0)
- tmppass=strdup(usr->passwd);
+ if (usr->hash!=(char *)0)
+ (void) strncpy(hash,usr->hash,sizeof(hash)-1);
usr=sql_freeusr(usr);
}
+ if (strlen(hash)==0) {
+ (void) rou_alert(0,"%s user <%s> missing hash value!",OPEP,resp->username);
+ phase=999; //No need to go further
+ }
}
break;
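Review bot: `char hash[20]` (declared in the earlier hunk) combined with `strncpy(hash,usr->hash,sizeof(hash)-1)` keeps at most 19 characters and silently cuts anything longer. The encoding of `usr->hash` is not visible here, but a hex-encoded MD5 is 32 characters and a base64 one is 24, so the buffer looks too small for either and `dig_get_plain_md5()` would be handed a truncated value. Size the array for the stored encoding and reject over-long values instead of truncating, e.g. `if (strlen(usr->hash)<sizeof(hash)) (void) strcpy(hash,usr->hash);` with an alert in the else branch. The `strlen(hash)==0` test also appears to run when `sql_mngusr()` fails, so an unknown user is reported as "missing hash value"; a separate message would keep the log accurate. The enclosing case starts outside this hunk.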
case 6 : { //sending the rspauth sequence.
char *HAS;
char *rspauth;
char *b64;
- if ((HAS=dig_hashresp(resp,"",tmppass))==(char *)0) {
+ if ((HAS=dig_hashresp(resp,"",hash))==(char *)0) {
(void) rou_alert(0,"%s Unable to get the hash rspauth (Bug!)",OPEP);
break;
}
case 8 : { //comparing result.
char *HA0;
- if ((HA0=dig_hashresp(resp,"AUTHENTICATE",tmppass))==(char *)0) {
+ if ((HA0=dig_hashresp(resp,"AUTHENTICATE",hash))==(char *)0) {
(void) rou_alert(0,"%s Unable to get the hash response (Bug!)",OPEP);
break;
}
}
phase++;
}
-tmppass=rou_freestr(tmppass);
resp=dig_freeresp(resp);
challenge=rou_freestr(challenge);
/* reponse available within RSPTYP record. */
/* */
/********************************************************/
-PUBLIC char *dig_hashresp(RSPTYP *resp,char *mode,char *secret)
+PUBLIC char *dig_hashresp(RSPTYP *resp,char *mode,char *hash)
{
+#define OPEP "unidig.c:dig_hashresp,"
+
char *HA0;
char *HA1;
char *HA2;
+MD5TYP *A1;
char seq[400];
int phase;
_Bool proceed;
proceed=(resp!=(RSPTYP *)0);
while (proceed==true) {
switch (phase) {
- case 0 : { //computing hash HA1
- MD5TYP *A1;
+ case 0 : //computing A1 from data-base contents
+ A1=dig_get_plain_md5(hash);
+ if (A1==(MD5TYP *)0) {
+ (void) rou_alert(0,"%s Unable to convert hash=<%s>",OPEP,hash);
+ phase=999; //trouble trouble
+ }
+ break;
+ case 1 : { //computing hash HA1
char *ptr;
int max;
- (void) snprintf(seq,sizeof(seq),"%s:%s:%s",resp->username,resp->realm,secret);
- A1=dig_hashmd5((unsigned char *)seq,strlen(seq));
//starting algorithm value is "MD5-sess"
(void) memset(seq,'\000',sizeof(seq));
(void) memmove(seq,(char *)A1,sizeof(MD5TYP));
(void) free(A1);
}
break;
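Review bot: The new alert in case 0 writes the stored credential itself into the log (`hash=<%s>`). Judging by the removed lines, this value takes the place of MD5(username:realm:secret), which in DIGEST-MD5 is enough to answer a challenge for that realm, so it should be handled like a password and kept out of logs. Name the account instead: `(void) rou_alert(0,"%s Unable to convert stored hash for user <%s>",OPEP,resp->username);`. `A1` is now function-scoped and freed in case 1; its initial value and that of `phase` are set, if at all, outside the visible lines.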
- case 1 : { //computing HA2
+ case 2 : { //computing HA2
MD5TYP *A2;
(void) snprintf(seq,sizeof(seq),"%s:%s",mode,resp->digesturi);
(void) free(A2);
}
break;
- case 2 : { //computing response
+ case 3 : { //computing response
MD5TYP *A0;
(void) snprintf(seq,sizeof(seq),"%s:%s:%08lx:%s:%s:%s",
HA2=rou_freestr(HA2);
HA1=rou_freestr(HA1);
return HA0;
+
+#undef OPEP
}
//Procedure to compute local response to challenge and
//check if the remote session is the same
-extern char *dig_hashresp(RSPTYP *resp,char *mode,char *secret);
+extern char *dig_hashresp(RSPTYP *resp,char *mode,char *hash);
#endif